I have read that c9 workspaces are powered using Docker. I would be very interested to know a little more about what are the precautions used / the hardware and software architecture ensuring that nothing from inside the containers impacts the service.
I am currently writing an open-source sandboxing library to run untrusted python code in docker containers, and such information would be very helpful for me. If I get an answer, I’ll gladly add a link to C9 in the credits and mention I’m a convinced user.
You can DM me @christophetd on twitter if needed.